Cross-Site Scripting Vulnerability in WP Hait Post Grid Elementor Addon
CVE-2024-56268

6.5MEDIUM

Key Information:

Vendor: WP Hait
Status: Post Grid Elementor Addon
Vendor: CVE Published:; 2 January 2025

Summary

A cross-site scripting (XSS) vulnerability exists in the WP Hait Post Grid Elementor Addon, impacting versions from n/a through 2.0.18. This flaw allows attackers to inject malicious scripts into web pages, which may then be executed in the browser of unsuspecting users. Exploitation of this vulnerability can lead to unauthorized actions performed on behalf of users, potentially compromising their personal data and security. It is advised for users of the affected versions to implement immediate updates and apply necessary security measures to protect their web applications.

Affected Version(s)

Post Grid Elementor Addon <= 2.0.18

References

https://patchstack.com/database/wordpress/plugin/post-gri...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Dec 18, 2024

Credit

ghsinfosec (Patchstack Alliance)